<?
ob_start("ob_gzhandler");
require "include/bittorrent.php";
dbconn();
loggedinorreturn();

if (get_user_class() < UC_MODERATOR)
	error("Permission denied.");

///////////////////////////////////////////////////////////////////////////////

// Validates date in the form [yy]yy-mm-dd; Returns date if valid, 0 otherwise.
function mkdate($date)
{
	if (strpos($date,'-'))
		$a = explode('-', $date);
	elseif (strpos($date,'/'))
		$a = explode('/', $date);
	else
		return 0;

	for ($i=0;$i<3;$i++)
	{
	if (!is_numeric($a[$i]))
		return 0;
	}

	if (checkdate($a[1], $a[2], $a[0]))
		return  date ("Y-m-d", mktime (0,0,0,$a[1],$a[2],$a[0]));
	else
		return 0;
}

// ratio as a string
function ratios($up,$down, $color = True)
{
	if ($down > 0)
	{
		$r = number_format($up / $down, 2);
		if ($color)
			$r = "<font color=".get_ratio_color($r).">$r</font>";
	}
	else
	{
		if ($up > 0)
			$r = "Inf.";
		else
			$r = "---";
	}
	return $r;
}

// checks for the usual wildcards *, ? plus mySQL ones
function haswildcard($text)
{
	if (strpos($text,'*') === False && strpos($text,'?') === False && strpos($text,'%') === False && strpos($text,'_') === False)
		return False;
	else
		return True;
}

///////////////////////////////////////////////////////////////////////////////

if (count($_GET) > 0 && !$_GET['instructions'])
{

// name

	$names = explode(' ',trim($_GET['n']));
	if ($names[0] !== "")
	{
		foreach ($names as $name)
		{
	  		if (substr($name,0,1) == '~')
	  		{
      				if ($name == '~') 
					continue;
				$names_exc[] = substr($name,1);
			}
			else
				$names_inc[] = $name;
		}

		if (is_array($names_inc))
		{
			$where_is .= isset($where_is)?" AND (":"(";
			foreach($names_inc as $name)
			{
				if (!haswildcard($name))
					$name_is .= (isset($name_is)?" OR ":"") . "u.username = " . sqlesc($name);
				else
				{
					$name = str_replace(array('?','*'), array('_','%'), $name);
					$name_is .= (isset($name_is)?" OR ":"") . "u.username LIKE " . sqlesc($name);
				}
			}
			$where_is .= $name_is . ")";
			unset($name_is);
		}

		if (is_array($names_exc))
		{
			if (is_array($names_inc))
				$where_is .= isset($where_is)?" OR NOT (":" NOT (";
			else
				$where_is .= isset($where_is)?" AND NOT (":" NOT (";
			foreach($names_exc as $name)
			{
				if (!haswildcard($name))
					$name_is .= (isset($name_is)?" OR ":"") . "u.username = " . sqlesc($name);
				else
				{
					$name = str_replace(array('?','*'), array('_','%'), $name);
					$name_is .= (isset($name_is)?" OR ":"") . "u.username LIKE " . sqlesc($name);
				}
			}
			$where_is .= $name_is . ")";
		}

		$q .= ($q ? "&amp;" : "") . "n=" . urlencode(trim($_GET['n']));
	}

// email

	$emails = explode(' ', trim($_GET['em']));
	if ($emails[0] !== "")
	{
		foreach ($emails as $email)
		{
	  		if (substr($email,0,1) == '~')
	  		{
      				if ($email == '~') 
					continue;
				$emails_exc[] = substr($email,1);
			}
			else
				$emails_inc[] = $email;
		}

		if (is_array($emails_inc))
		{
			$where_is .= isset($where_is)?" AND (":"(";
			foreach($emails_inc as $email)
			{
				if (!haswildcard($email))
					$email_is .= (isset($email_is)?" OR ":"") . "u.email = " . sqlesc($email);
				else
				{
					$email = str_replace(array('?','*'), array('_','%'), $email);
					$email_is .= (isset($email_is)?" OR ":"") . "u.email LIKE " . sqlesc($email);
				}
			}
			$where_is .= $email_is . ")";
			unset($email_is);
		}

		if (is_array($emails_exc))
		{
			if (is_array($emails_inc))
				$where_is .= isset($where_is)?" OR NOT (":" NOT (";
			else
				$where_is .= isset($where_is)?" AND NOT (":" NOT (";
			foreach($emails_exc as $email)
			{
				if (!haswildcard($email))
					$email_is .= (isset($email_is)?" OR ":"") . "u.email = " . sqlesc($email);
				else
				{
					$email = str_replace(array('?','*'), array('_','%'), $email);
					$email_is .= (isset($email_is)?" OR ":"") . "u.email LIKE " . sqlesc($email);
				}
			}
			$where_is .= $email_is . ")";
		}

		$q .= ($q ? "&amp;" : "") . "em=" . urlencode(trim($_GET['em']));
	}

// class

	$class = $_GET['c'] - 1;
	if (is_valid_id($class + 1))
	{
		$where_is .= (isset($where_is)?" AND ":"") . "u.class=$class";
		$q .= ($q ? "&amp;" : "") . "c=" . ($class+1);
	}

// IP

	$ip = trim($_GET['ip']);
	if ($ip)
	{
		$regex = "/^(((1?\d{1,2})|(2[0-4]\d)|(25[0-5]))(\.\b|$)){4}$/";
		if (!preg_match($regex, $ip))
			error("Bad IP.");

		$mask = trim($_GET['ma']);
		if ($mask == "" || $mask == "255.255.255.255")
			$where_is .= (isset($where_is)?" AND ":"") . "u.ip = '$ip'";
		else
		{
			if (substr($mask,0,1) == "/")
			{
				$n = substr($mask, 1, strlen($mask) - 1);
				if (!is_numeric($n) or $n < 0 or $n > 32)
					error("Bad subnet mask.");
				else
					$mask = long2ip(pow(2,32) - pow(2,32-$n));
			}
			elseif (!preg_match($regex, $mask))
				error("Bad subnet mask.");
			$where_is .= (isset($where_is)?" AND ":"") . "INET_ATON(u.ip) & INET_ATON('$mask') = INET_ATON('$ip') & INET_ATON('$mask')";
			$q .= ($q ? "&amp;" : "") . "ma=$mask";
		}
		$q .= ($q ? "&amp;" : "") . "ip=$ip";
	}

// ratio

	$ratio = trim($_GET['r']);
	if ($ratio)
	{
		if ($ratio == '---')
		{
			$ratio2 = "";
			$where_is .= isset($where_is)?" AND ":"";
			$where_is .= "u.uploaded = 0 and u.downloaded = 0";
		}
		elseif (strtolower(substr($ratio,0,3)) == 'inf')
		{
			$ratio2 = "";
			$where_is .= isset($where_is)?" AND ":"";
			$where_is .= "u.uploaded > 0 and u.downloaded = 0";
		}
		else
		{
			if (!is_numeric($ratio) || $ratio < 0)
				error("Bad ratio.");
			$where_is .= isset($where_is)?" AND ":"";
			$where_is .= "(u.uploaded/u.downloaded)";
			$ratiotype = $_GET['rt'];
			$q .= ($q ? "&amp;" : "") . "rt=$ratiotype";
			if ($ratiotype == "3")
			{
				$ratio2 = trim($_GET['r2']);
				if(!$ratio2)
					error("Two ratios needed for this type of search.");
				if (!is_numeric($ratio2) or $ratio2 < $ratio)
					error("Bad second ratio.");
				$where_is .= " BETWEEN $ratio and $ratio2";
				$q .= ($q ? "&amp;" : "") . "r2=$ratio2";
			}
			elseif ($ratiotype == "2")
				$where_is .= " < $ratio";
			elseif ($ratiotype == "1")
				$where_is .= " > $ratio";
			else
				$where_is .= " BETWEEN ($ratio - 0.004) and ($ratio + 0.004)";
		}
		$q .= ($q ? "&amp;" : "") . "r=$ratio";
	}

// comment

	$comments = explode(' ',trim($_GET['co']));
	if ($comments[0] !== "")
	{
		foreach($comments as $comment)
		{
			if (substr($comment,0,1) == '~')
			{
				if ($comment == '~')
					continue;
				$comments_exc[] = substr($comment,1);
			}
			else
				$comments_inc[] = $comment;
		}

		if (is_array($comments_inc))
		{
			$where_is .= isset($where_is)?" AND (":"(";
			foreach($comments_inc as $comment)
			{
				if (!haswildcard($comment))
					$comment_is .= (isset($comment_is)?" OR ":"") . "u.modcomment LIKE " . sqlesc("%".$comment."%");
				else
				{
					$comment = str_replace(array('?','*'), array('_','%'), $comment);
					$comment_is .= (isset($comment_is)?" OR ":"") . "u.modcomment LIKE " . sqlesc($comment);
				}
			}
			$where_is .= $comment_is . ")";
			unset($comment_is);
		}

		if (is_array($comments_exc))
		{
			if (is_array($comments_inc))
				$where_is .= isset($where_is)?" OR NOT (":" NOT (";
			else
				$where_is .= isset($where_is)?" AND NOT (":" NOT (";
			foreach($comments_exc as $comment)
			{
				if (!haswildcard($comment))
					$comment_is .= (isset($comment_is)?" OR ":"") . "u.modcomment LIKE " . sqlesc("%".$comment."%");
				else
				{
					$comment = str_replace(array('?','*'), array('_','%'), $comment);
					$comment_is .= (isset($comment_is)?" OR ":"") . "u.modcomment LIKE " . sqlesc($comment);
				}
			}
			$where_is .= $comment_is . ")";
		}

		$q .= ($q ? "&amp;" : "") . "co=".urlencode(trim($_GET['co']));
	}

// uploaded

	$unit = 1073741824;      // 1GB
	$ul = trim($_GET['ul']);
	if ($ul)
	{
		if (!is_numeric($ul) || $ul < 0)
			error("Bad uploaded amount.");
		$where_is .= isset($where_is)?" AND ":"";
		$where_is .= "u.uploaded";
		$ultype = $_GET['ult'];
		$q .= ($q ? "&amp;" : "") . "ult=$ultype";
		if ($ultype == "3")
		{
			$ul2 = trim($_GET['ul2']);
			if(!$ul2)
				error("Two uploaded amounts needed for this type of search.");
			if (!is_numeric($ul2) or $ul2 < $ul)
				error("Bad second uploaded amount.");
			$where_is .= " BETWEEN " . $ul*$unit . " and " . $ul2*$unit;
			$q .= ($q ? "&amp;" : "") . "ul2=$ul2";
		}
		elseif ($ultype == "2")
			$where_is .= " < " . $ul*$unit;
		elseif ($ultype == "1")
			$where_is .= " > " . $ul*$unit;
		else
			$where_is .= " BETWEEN " . ($ul - 0.004)*$unit . " and " . ($ul + 0.004)*$unit;
		$q .= ($q ? "&amp;" : "") . "ul=$ul";
	}

// downloaded

	$dl = trim($_GET['dl']);
	if ($dl)
	{
		if (!is_numeric($dl) || $dl < 0)
			error("Bad downloaded amount.");
		$where_is .= isset($where_is)?" AND ":"";
		$where_is .= "u.downloaded";
		$dltype = $_GET['dlt'];
		$q .= ($q ? "&amp;" : "") . "dlt=$dltype";
		if ($dltype == "3")
		{
			$dl2 = trim($_GET['dl2']);
			if(!$dl2)
				error("Two downloaded amounts needed for this type of search.");
			if (!is_numeric($dl2) or $dl2 < $dl)
				error("Bad second downloaded amount.");
			$where_is .= " BETWEEN " . $dl*$unit . " and " . $dl2*$unit;
			$q .= ($q ? "&amp;" : "") . "dl2=$dl2";
		}
		elseif ($dltype == "2")
			$where_is .= " < " . $dl*$unit;
		elseif ($dltype == "1")
			$where_is .= " > " . $dl*$unit;
		else
			$where_is .= " BETWEEN " . ($dl - 0.004)*$unit . " and " . ($dl + 0.004)*$unit;
		$q .= ($q ? "&amp;" : "") . "dl=$dl";
	}

// date joined

	$date = trim($_GET['d']);
	if ($date)
	{
		if (!$date = mkdate($date))
			error("Invalid date.");
		$q .= ($q ? "&amp;" : "") . "d=$date";
		$datetype = $_GET['dt'];
		$q .= ($q ? "&amp;" : "") . "dt=$datetype";
		if ($datetype == "0")
    			$where_is .= (isset($where_is)?" AND ":"") . "DATE(added) = DATE('$date')";
		else
		{
			$where_is .= (isset($where_is)?" AND ":"") . "u.added";
			if ($datetype == "3")
			{
				$date2 = mkdate(trim($_GET['d2']));
				if ($date2)
				{
					if (!$date = mkdate($date))
						error("Invalid date.");
					$q .= ($q ? "&amp;" : "") . "d2=$date2";
					$where_is .= " BETWEEN '$date' and '$date2'";
				}
				else
					error("Two dates needed for this type of search.");
			}
			elseif ($datetype == "1")
				$where_is .= " < '$date'";
			elseif ($datetype == "2")
				$where_is .= " > '$date'";
		}
	}

// date last seen

	$last = trim($_GET['ls']);
	if ($last)
	{
		if (!$last = mkdate($last))
			error("Invalid date.");
		$q .= ($q ? "&amp;" : "") . "ls=$last";
		$lasttype = $_GET['lst'];
		$q .= ($q ? "&amp;" : "") . "lst=$lasttype";
		if ($lasttype == "0")
			$where_is .= (isset($where_is)?" AND ":"") . "DATE(last_access) = DATE('$last')";
		else
		{
			$where_is .= (isset($where_is)?" AND ":"") . "u.last_access";
			if ($lasttype == "3")
			{
				$last2 = mkdate(trim($_GET['ls2']));
				if ($last2)
				{
					$where_is .= " BETWEEN '$last' and '$last2'";
					$q .= ($q ? "&amp;" : "") . "ls2=$last2";
				}
				else
					error("The second date is not valid.");
			}
			elseif ($lasttype == "1")
				$where_is .= " < '$last'";
			elseif ($lasttype == "2")
				$where_is .= " > '$last'";
		}
	}

// pending

	$pending = $_GET['pe'];
	if ($pending)
	{
		$where_is .= ((isset($where_is))?" AND ":"");
		if ($pending == "1")
			$where_is .= "u.status = 'pending'";
		else
			$where_is .= "u.status = 'confirmed'";
		$q .= ($q ? "&amp;" : "") . "pe=$pending";
	}

// disabled

	$disabled = $_GET['di'];
	if ($disabled)
	{
		$where_is .= (isset($where_is))?" AND ":"";
		if ($disabled == "1")
			$where_is .= "u.enabled = 'no'";
		else
			$where_is .= "u.enabled = 'yes'";
		$q .= ($q ? "&amp;" : "") . "di=$disabled";
	}

// donor

	$donor = $_GET['do'];
	if ($donor)
	{
		$where_is .= (isset($where_is))?" AND ":"";
		if ($donor == 1)
			$where_is .= "u.donor = 'yes'";
		else
			$where_is .= "u.donor = 'no'";
		$q .= ($q ? "&amp;" : "") . "do=$donor";
	}

// warned

	$warned = $_GET['w'];
	if ($warned)
	{
		$where_is .= (isset($where_is))?" AND ":"";
		if ($warned == 1)
			$where_is .= "u.warned = 'yes' AND u.enabled = 'yes'";
		else
			$where_is .= "(u.warned = 'no' OR u.enabled = 'no')";
		$q .= ($q ? "&amp;" : "") . "w=$warned";
	}

// parked

	$parked = $_GET['p'];
	if ($parked)
	{
		$where_is .= (isset($where_is))?" AND ":"";
		if ($parked == 1)
			$where_is .= "u.parked = 'yes'";
		else
			$where_is .= "u.parked = 'no'";
		$q .= ($q ? "&amp;" : "") . "p=$parked";
	}

// disabled IP

	$disabledip = $_GET['dip'];
	if ($disabledip)
	{
		$distinct = "DISTINCT ";
		$join_is .= " LEFT JOIN users AS u2 ON u.ip = u2.ip";
		$where_is .= ((isset($where_is))?" AND ":"") . "u2.enabled = 'no'";
		$q .= ($q ? "&amp;" : "") . "dip=$disabledip";
	}

// active

	$active = $_GET['ac'];
	if ($active == "1")
	{
		$distinct = "DISTINCT ";
		$join_is .= " INNER JOIN peers AS p ON u.id = p.userid";
		$q .= ($q ? "&amp;" : "") . "ac=$active";
	}


// create query

	$from_is = "users AS u" . $join_is;
	$distinct = isset($distinct)?$distinct:"";

	$queryc = "SELECT COUNT(" . $distinct . "u.id) FROM " . $from_is . (($where_is == "")?"":" WHERE $where_is");

	$querypm = "FROM " . $from_is . (($where_is == "")?"":" WHERE $where_is");

	$select_is = "u.id, u.username, u.email, u.status, u.added, u.last_access, u.ip, u.class, u.uploaded, u.downloaded, u.donor, u.modcomment, u.parked, u.enabled, u.warned";

	$query = "SELECT " . $distinct . $select_is . " " . $querypm . " ORDER BY u.id";

// perform query

	$res = query($queryc) or sqlerr();
	$arr = mysql_fetch_row($res);
	$count = $arr[0];

	$q = isset($q)?($q."&amp;"):"";

	$perpage = 30;

	list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $_SERVER["PHP_SELF"] . "?" . $q);

	if ($limit)
		$query .= " " . $limit;

	$res = query($query) or sqlerr();
}

stdhead("Administrative User Search");
print("<h1>Administrative User Search</h1>\n\n");

if ($_GET['instructions'])
{
	print("<p align=center>(<a href=\"" . $_SERVER["PHP_SELF"] . "\">Reset</a>)</p>\n");
	print("<table width=\"75%\" class=\"main\" border=0><tr><td style=\"border: none; text-align: left\"><ul>\n");
	print("<li>Fields left blank will be ignored.<br />\n");
	print("<li>Name, Email, and Comments may contain '*' or '?' as wildcards, '~' as negation, and multiple values separated by spaces.<br />\n");
	print("'max* ~*e*' in Name will list both users whose names start with 'max' and users whose names don't contain an 'e'.<br />\n");
	print("<li>For search options with two text box fields, the second box will be ignored unless the search type is 'between'.<br />\n");
	print("<li>Ratio may contain a normal numeric value, 'Inf', or '---'.<br />\n");
	print("<li>Uploaded and Downloaded must be entered in GB.<br />");
	print("<li>Mask may contain either dotted decimal or CIDR notation.<br />\n");
	print("255.255.255.0 is the same as /24 for the Mask.<br />\n");
	print("<li>Disabled IP returns only users whose IPs also show up in disabled accounts.<br />\n");
	print("<li>Active only returns only users currently leeching or seeding.<br />\n");
	print("<li>The 'p' columns in the results show partial stats of the torrents in progress.<br />\n");
	print("<li>The 'History' column in the results shows the number of forum posts and torrent comments respectively.<br />\n");
	print("</ul></td></tr></table>\n\n<br />\n\n");
}
else
{
	print("<p align=center>(<a href=\"" . $_SERVER["PHP_SELF"]. "?instructions=1\">Instructions</a>)");
	print("&nbsp;-&nbsp;(<a href=\"" . $_SERVER["PHP_SELF"] . "\">Reset</a>)</p>\n");
}

$highlight = " bgcolor=#BBAF9B";
?>

<form method=get action=<?=$_SERVER["PHP_SELF"]?>>
<table border="1" cellspacing="0" cellpadding="5">
<tr>

	<td valign="middle" class=rowhead>Name:</td>
	<td<?=$_GET['n']?$highlight:""?>><input name="n" type="text" value="<?=$_GET['n']?>" size=35></td>

	<td valign="middle" class=rowhead>Ratio:</td>
	<td<?=$_GET['r']?$highlight:""?>>
	<select name="rt">
	<?
	$options = array("equal","above","below","between");
	foreach ($options as $num => $option)
	print("<option value=$num" . (($_GET["rt"]==$num)?" selected":"") . ">$option</option>\n");
	?>
	</select>
	<input name="r" type="text" id="r" size="8" maxlength="7" value="<?=$_GET['r']?>">
	<input name="r2" type="text" id="r2" size="8" maxlength="7" value="<?=$_GET['r2']?>">
	</td>

	<td valign="middle" class=rowhead>Class:</td>
	<td<?=$_GET['c']?$highlight:""?>>
	<select name="c">
	<?
	$options = array("(any)");
	for ($i=0;$i<=UC_SYSOP;$i++)
	$options[] = get_user_class_name($i);
	foreach ($options as $num => $option)
	print("<option value=$num" . (($_GET['c']==$num)?" selected":"") . ">$option</option>\n");
	?>
	</select>
	</td>

</tr>
<tr>

	<td valign="middle" class=rowhead>Email:</td>
	<td<?=$_GET['em']?$highlight:""?>><input name="em" type="text" value="<?=$_GET['em']?>" size="35"></td>

	<td valign="middle" class=rowhead>Uploaded:</td>
	<td<?=$_GET['ul']?$highlight:""?>>
	<select name="ult" id="ult">
	<?
	$options = array("equal","above","below","between");
	foreach ($options as $num => $option)
	print("<option value=$num" . (($_GET['ult']==$num)?" selected":"") . ">$option</option>\n");
	?>
	</select>
	<input name="ul" type="text" id="ul" size="8" maxlength="7" value="<?=$_GET['ul']?>">
	<input name="ul2" type="text" id="ul2" size="8" maxlength="7" value="<?=$_GET['ul2']?>">
	</td>

	<td valign="middle" class=rowhead>Pending:</td>
	<td<?=$_GET['pe']?$highlight:""?>>
	<select name="pe">
	<?
	$options = array("(any)","Yes","No");
	foreach ($options as $num => $option)
	print("<option value=$num" . (($_GET['pe']==$num)?" selected":"") . ">$option</option>\n");
	?>
	</select>
	</td>

</tr>
<tr>

	<td valign="middle" class=rowhead>Comment:</td>
	<td<?=$_GET['co']?$highlight:""?>><input name="co" type="text" value="<?=$_GET['co']?>" size="35"></td>

	<td valign="middle" class=rowhead>Downloaded:</td>
	<td<?=$_GET['dl']?$highlight:""?>>
	<select name="dlt" id="dlt">
	<?
	$options = array("equal","above","below","between");
	foreach ($options as $num => $option)
	print("<option value=$num" . (($_GET['dlt']==$num)?" selected":"") . ">$option</option>\n");
	?>
	</select>
	<input name="dl" type="text" id="dl" size="8" maxlength="7" value="<?=$_GET['dl']?>">
	<input name="dl2" type="text" id="dl2" size="8" maxlength="7" value="<?=$_GET['dl2']?>">
	</td>

	<td valign="middle" class=rowhead>Disabled:</td>
	<td<?=$_GET['di']?$highlight:""?>>
	<select name="di">
	<?
	$options = array("(any)","Yes","No");
	foreach ($options as $num => $option)
	print("<option value=$num" . (($_GET['di']==$num)?" selected":"") . ">$option</option>\n");
	?>
	</select>
	</td>

</tr>
<tr>

	<td valign="middle" class=rowhead>Joined:</td>
	<td<?=$_GET['d']?$highlight:""?>>
	<select name="dt">
	<?
	$options = array("on","before","after","between");
	foreach ($options as $num => $option)
	print("<option value=$num" . (($_GET['dt']==$num)?" selected":"") . ">$option</option>\n");
	?>
	</select>
	<input name="d" type="text" value="<?=$_GET['d']?>" size="12" maxlength="10">
	<input name="d2" type="text" value="<?=$_GET['d2']?>" size="12" maxlength="10">
	</td>

	<td valign="middle" class=rowhead>IP:</td>
	<td<?=$_GET['ip']?$highlight:""?>><input name="ip" type="text" value="<?=$_GET['ip']?>" maxlength="17"></td>

	<td valign="middle" class=rowhead>Warned:</td>
	<td<?=$_GET['w']?$highlight:""?>>
	<select name="w">
	<?
	$options = array("(any)","Yes","No");
	foreach ($options as $num => $option)
	print("<option value=$num" . (($_GET['w']==$num)?" selected":"") . ">$option</option>\n");
	?>
	</select>
	</td>

</tr>
<tr>

	<td valign="middle" class=rowhead>Last seen:</td>
	<td <?=$_GET['ls']?$highlight:""?>>
	<select name="lst">
	<?
	$options = array("on","before","after","between");
	foreach ($options as $num => $option)
	print("<option value=$num" . (($_GET['lst']==$num)?" selected":"") . ">$option</option>\n");
	?>
	</select>
	<input name="ls" type="text" value="<?=$_GET['ls']?>" size="12" maxlength="10">
	<input name="ls2" type="text" value="<?=$_GET['ls2']?>" size="12" maxlength="10">
	</td>

	<td valign="middle" class=rowhead>Mask:</td>
	<td<?=$_GET['ma']?$highlight:""?>><input name="ma" type="text" value="<?=$_GET['ma']?>" maxlength="17"></td>

	<td valign="middle" class="rowhead">Donor:</td>
	<td<?=$_GET['do']?$highlight:""?>>
	<select name="do">
	<?
	$options = array("(any)","Yes","No");
	foreach ($options as $num => $option)
	print("<option value=$num" . (($_GET['do']==$num)?" selected":"") . ">$option</option>\n");
	?>
	</select>
	</td>

</tr>
<tr>

	<td valign="middle" class=rowhead>Active only:</td>
	<td<?=$_GET['ac']?$highlight:""?>>
	<input name="ac" type="checkbox" value="1"<?=($_GET['ac'])?" checked":""?>>
	</td>

	<td valign="middle" class=rowhead>Disabled IP:</td>
	<td<?=$_GET['dip']?$highlight:""?>>
	<input name="dip" type="checkbox" value="1"<?=($_GET['dip'])?" checked":""?>>
	</td>

	<td valign="middle" class=rowhead>Parked:</td>
	<td<?=$_GET['p']?$highlight:""?>>
	<select name="p">
	<?
	$options = array("(any)","Yes","No");
	foreach ($options as $num => $option)
	print("<option value=$num" . (($_GET['p']==$num)?" selected":"") . ">$option</option>\n");
	?>
	</select>
	</td>

</tr>
<tr>

<td colspan="6" align=center><input value="Search" type=submit class=btn></td>

</tr>
</table>
</form>

<br />

<?

if (count($_GET) > 0 && !$_GET['instructions'])
{
	if (mysql_num_rows($res) == 0)
		print("<b>No user was found.</b>");
	else
	{
		if ($count > $perpage)
			print($pagertop);
		print("<table border=1 cellspacing=0 cellpadding=5>\n");
		print("<tr><td class=colhead align=left>Name</td><td class=colhead align=left>Email</td><td class=colhead align=left>IP</td>");
		print("<td class=colhead align=left>Joined</td><td class=colhead align=left>Last seen</td><td class=colhead align=left>Status</td>");
		print("<td class=colhead align=left>Ratio</td>");
		print("<td class=colhead>pUL</td><td class=colhead>pDL</td><td class=colhead>pR</td>");
		print("<td class=colhead>History</td></tr>");

		while ($user = mysql_fetch_array($res))
		{
			if ($user['added'] == '0000-00-00 00:00:00')
				$user['added'] = '---';
			if ($user['last_access'] == '0000-00-00 00:00:00')
				$user['last_access'] = '---';

			if ($user['ip'])
				$ipstr = $user['ip'];
			else
				$ipstr = "---";

			$auxres = query("SELECT SUM(uploaded) AS pul, SUM(downloaded) AS pdl FROM peers WHERE userid = " . $user['id']) or sqlerr(__FILE__, __LINE__);
			$array = mysql_fetch_array($auxres);

			$pul = $array['pul'];
			$pdl = $array['pdl'];

			$auxres = query("SELECT COUNT(DISTINCT p.id) FROM posts AS p LEFT JOIN topics as t ON p.topicid = t.id LEFT JOIN forums AS f ON t.forumid = f.id " . 
			"WHERE p.userid = " . $user['id'] . " AND f.minclassread <= " . $CURUSER['class']) or sqlerr(__FILE__, __LINE__);

			$n = mysql_fetch_row($auxres);
			$n_posts = $n[0];

			$auxres = query("SELECT COUNT(id) FROM comments WHERE user = " . $user['id']) or sqlerr(__FILE__, __LINE__);
			$n = mysql_fetch_row($auxres);
			$n_comments = $n[0];

			print("<tr><td><b><a href='userdetails.php?id=" . $user['id'] . "'>" . $user['username'] . "</a></b>" . get_user_icons($user) . "</td>");
			print("<td>" . $user['email'] . "</td><td>" . $ipstr . "</td>");
			print("<td><div align=center>" . substr($user['added'],0,10) . "</div></td><td><div align=center>" . substr($user['last_access'],0,10) . "</div></td>");
			print("<td><div align=center>" . $user['status'] . "</div></td>");
			print("<td>" . ratios($user['uploaded'], $user['downloaded']) . "</td>");
			print("<td><div align=right>" . bytesize($pul) . "</div></td><td><div align=right>" . bytesize($pdl) . "</div></td>");
			print("<td><div align=center>" . ratios($pul,$pdl) . "</div></td>");
			print("<td><div align=center>".($n_posts?"<a href=/userhistory.php?action=viewposts&id=".$user['id'].">$n_posts</a>":$n_posts));
			print("|".($n_comments?"<a href=/userhistory.php?action=viewcomments&id=".$user['id'].">$n_comments</a>":$n_comments));
			print("</div></td></tr>\n");
		}
		print("</table>");
		if ($count > $perpage)
			print($pagerbottom);
	}
}

stdfoot();
?>